Note: When the PolicyPak CSE becomes unlicensed for ANY REASON, starting in build 3068 and later, all endpoint users will get a pop up warning expressing that the license is not operating. This gives a GRACE period of 30 days if a license becomes unavailable or times out. Example of what customers will see:
An endpoint can become unlicensed due to a variety of reasons. Examples include:
*
*
*Note in these cases: The actual behavior may be somewhat different than what is described here.
An
endpoint can have it’s “directives” removed because of a variety of reasons. Examples include:
Different components react somewhat differently when their licenses are removed, the policy which affects them is removed, or when the Client Side Extension is forcefully removed. In any of those cases, the PolicyPak Client Side Extension component(s) will react to that. In *GENERAL*… :
However you might be interested to understand the unlicensed / revert behavior for each component. Each component is listed here. (Current as of Jan 2018).
When un-licensed, PolicyPak Application Manager:
When un-licensed or policy revert:
-or-
For Win32 apps where AppLock (UI restrictions) are used, like in this example.. the UI becomes unrestricted.
When NTFS / ACL Lockdown is used (see here), the end-user will be free to change these settings inside the (previously restricted) registry.
Note also that some Paks may be set to "System Wide Lockdown" like Java and Firefox like what is seen here. In those cases, all users on the system are free to make changes after the GPO no longer applies.
When unlicensed:
Additionally, and/or when the GPO / XML no longer applies:
When PolicyPak Browser Router is uninstalled or becomes un-licensed:
Additionally, and/or when the GPO / XML no longer applies, any PolicyPak Browser Router “routes” are no longer honored. More information on PPBR's unlicensed behavior can be seen at this link https://kb.policypak.com/kb/article/425-04-when-i-unlicense-or-remove-policypak-browser-router-from-scope-policypak-browser-router-agent-still-shows-as-os-default-browser-why-is-that-and-is-there-a-workaround
When PolicyPak Admin Templates Manager becomes unlicensed PolicyPak Admin Templates Manager will no longer apply new PPATM policies:
Additionally, and/or when the GPO / XML no longer applies, policy setting items work and revert exactly like Microsoft's Admin Templates Policy settings. So when PolicyPak Admin Templates Manager policy settings no longer apply, they revert back to their "Not Configured" value.
When licensed: PolicyPak Preferences manager becomes the “intermediary” which calls Microsoft’s Group Policy Preferences CSEs. By default, we do not give our PolicyPak Preferences Manager licenses unless specifically requested by the customer (and this must be done each year.) When PolicyPak Preferences manager becomes unlicensed:
When the GPO no longer applies, or Policy XML no longer applies:
When PolicyPak Java Rules Manager becomes unlicensed, PPJRM will not honor new PPJRM policies. Additionally, and/or when the GPO / XML no longer applies PolicyPak will stop existing mappings of websites to Java.
When PolicyPak File Associations Manager becomes unlicensed, PolicyPak File Associations Manager will no longer honor new directives. Additionally, and/or when the GPO / XML no longer applies:
When PolicyPak Start Screen & Taskbar Manager becomes unlicensed:
Additionally, and/or when the GPO / XML no longer applies:
When PolicyPak Security Settings Manager becomes unlicensed:
Additionally, and/or when the GPO / XML no longer applies:
Local admins can then make changes to these settings if desired.
When Feature Manager for Windows becomes unlicensed:
When PolicyPak VPN Manager becomes unlicensed it will REMOVE any managed VPN connection on the client endpoint. It will not honor new PolicyPak VPN Manager policies.
When Scripts & Triggers Manager for becomes unlicensed:
When PolicyPak RDP Files Manager becomes unlicensed it will MAINTAIN any delivered .RDP files on the client endpoint. It will not honor new PolicyPak RDP Files Manager policies.
When PolicyPak Software Package Manager (AppX Delivery) becomes unlicensed, it will MAINTAIN any delivered UWP (Windows Store) apps on the endpoint. It will not honor new PolicyPak Software Package Manager (AppX Deliver) policies.
When PolicyPak Remote Work Delivery Manager becomes unlicensed, it will:
When PolicyPak Device Manager becomes unlicensed, it will: